Hi Mark,
Of particular interest are your views on the changes to
keystone/common/config.py. The requirement is that we need to be able to
instantiate multiple conf objects (built from different sets of config files).
We tried two approaches to this:
https://review.openstack.org/#/c/39530/11 which attempts to keep the current
keystone config helper apps (register_bool() etc.) by passing on the conf
instance, and
https://review.openstack.org/#/c/39530/12 which removes these helper apps and
just calls the methods on the conf itself (conf.register_opt())
Both functionally work, but interested in your views on both approaches.
Henry
On 6 Aug 2013, at 19:26, ayoung (Code Review) wrote:
Hello Mark McLoughlin,
I'd like you to do a code review. Please visit
https://review.openstack.org/39530
to review the following change.
Change subject: Implement domain specific Identity backends
..
Implement domain specific Identity backends
A common scenario in shared clouds will be that a cloud provider will
want to be able to offer larger customers the ability to interface to
their chosen identity provider. In the base case, this might well be
their own corporate LDAP/AD directory. A cloud provider might also
want smaller customers to have their identity managed solely
within the OpenStack cloud, perhaps in a shared SQL database.
This patch allows domain specifc backends for identity objects
(namely User and groups), which are specified by creation of a domain
configuration file for each domain that requires its own backend.
A side benefit of this change is that it clearly separates the
backends into those that are domain-aware and those that are not,
allowing, for example, the removal of domain validation from the
LDAP identity backend.
Implements bp multiple-ldap-servers
Change-Id: I489e8e50035f88eca4235908ae8b1a532645daab
---
M doc/source/configuration.rst
M etc/keystone.conf.sample
M keystone/auth/plugins/password.py
M keystone/catalog/backends/templated.py
M keystone/common/config.py
M keystone/common/controller.py
M keystone/common/ldap/fakeldap.py
M keystone/common/utils.py
M keystone/config.py
M keystone/identity/backends/kvs.py
M keystone/identity/backends/ldap.py
M keystone/identity/backends/pam.py
M keystone/identity/backends/sql.py
M keystone/identity/controllers.py
M keystone/identity/core.py
M keystone/test.py
M keystone/token/backends/memcache.py
M keystone/token/core.py
A tests/backend_multi_ldap_sql.conf
A tests/keystone.Default.conf
A tests/keystone.domain1.conf
A tests/keystone.domain2.conf
M tests/test_backend.py
M tests/test_backend_ldap.py
24 files changed, 1,028 insertions(+), 372 deletions(-)
git pull ssh://review.openstack.org:29418/openstack/keystone
refs/changes/30/39530/12
--
To view, visit https://review.openstack.org/39530
To unsubscribe, visit https://review.openstack.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I489e8e50035f88eca4235908ae8b1a532645daab
Gerrit-PatchSet: 12
Gerrit-Project: openstack/keystone
Gerrit-Branch: master
Gerrit-Owner: henry-nash hen...@linux.vnet.ibm.com
Gerrit-Reviewer: Brant Knudson bknud...@us.ibm.com
Gerrit-Reviewer: Dolph Mathews dolph.math...@gmail.com
Gerrit-Reviewer: Jenkins
Gerrit-Reviewer: Mark McLoughlin mar...@redhat.com
Gerrit-Reviewer: Sahdev Zala spz...@us.ibm.com
Gerrit-Reviewer: SmokeStack
Gerrit-Reviewer: ayoung ayo...@redhat.com
Gerrit-Reviewer: henry-nash hen...@linux.vnet.ibm.com
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev